If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

A Few Words on Our Callout Guidelines

At this time I would like to make a statement here on Weasyl that I prefer not to have to do ever, but is something that comes with being part of a site like this. As many of our users are aware, one of our staff accounts was recently compromised and logs were released to the public regarding a recent journal posted by one of our users (Hereafter referred to as The User), in which they attempted to warn users who plan on attending Midwest Furfest about someone they allege raped them in the past. Let me first be clear that we are in no way going to attempt to hide these logs, deny their authenticity, or stifle conversation about them. We also are not calling into question the veracity of the claims made by The User. For the purposes of discussion here, and because we take the privacy of our users seriously, we have redacted the names of any and all involved in the logs and screenshots to follow who are not Weasyl staff members. We apologize to those involved that we can't protect their full privacy outside of our site. You can find the log here: http://pastebin.com/tGBYjrA6

What immediately jumps out to me, and others, is how I have come off as dismissive and unprofessional in regards to dealing with this case, particularly in a response I made, “But taw, [their] case is special” and again with a comment, “we’re an art gallery website, not the sex offender registry.” Those comments have rubbed many people the wrong way and is certainly not something I’m personally proud of, and I sincerely apologize for them. They were comments made out of frustration, as we had offered to open a line of dialogue with The User in order to reach a compromise, which had been met with the response “no”. My comments were out of an immediate emotion of frustration at potentially not being able to reach a solution that would be beneficial for all parties involved, and they were not up to the standards we hold ourselves to privately and publicly. For that I sincerely apologize to everyone who I have made uncomfortable, especially The User.

As a courtesy, I’d like to provide you all with as detailed an account of the events which led to that log. The person whom The User alleges raped them contacted us, along with other users, about the journal posted on November 27th. The primary issue at hand were the links The User posted to an off-site blog, in which The User specifically names the person they allege to have raped them, as well as a second link which details a story in which someone else makes a similar claim that they were also raped by the same person. We immediately took the issue to our moderation channels on IRC and, as we do with all reports of this type, discussed our options. The solution we came to on November 29th was to give The User the opportunity to edit the journal to remove the links while allowing the journal to remain up, with a 48 hour deadline to comply or we would be forced to remove the journal, as is consistent with cases similar to this. This deadline is still in effect. You can read the notice here: http://gyazo.com/c3f3caa22f8e0ba33ac73f163be5f37b

After sending the notice, I received a message from The User which simply contained the word “no”. The User then reposted the above message to a personal blog, expressing their disappointment at our decision. It was at this point I became frustrated and made my comments on the staff channel. The events following are detailed in the log that was previously linked. What wasn’t shown in the logs was that the second message being discussed and drafted in the logs was completed after an hour and a half of discussion and sent to The User (seen here: http://gyazo.com/c0a7cb60800ef7bd4e7235a199bd1b2d). As this more specific response illustrates, we proposed a specific change to one section of the journal, and left a deadline to change it in place; the user can decide what they wish to do. As of this writing the journal is still up and will remain up until our deadline Monday evening, assuming there is no contact from The User regarding the journal. We've even gone so far as to mention that if the journal is removed it could be reposted with the appropriate changes made. The User then responded that they wished to investigate for themselves if we could actually be liable for libelous content posted on the site. Somewhere around this point, someone compromised a staff member’s account and gained access to our staff chat, copied the logs, posted them online, and shared them with The User. The logs were also reposted to lulz.net and Vivisector.

Admittedly, we jumped the gun regarding the discussion on what we may be held legally liable for on the website. This was a new situation in which The User made serious criminal accusations against someone and we were put in an awkward situation in which we were dealing with a private dispute that was not only a violation of our callout policy, but we feared could also lead us to potentially being held partially responsible for any and all harassment or other actions taken against the accused. After a discussion involving those of our staff with a legal background, we determined we're not liable for the content our users put on our site in regards to accusations made against their character or acts. However, the callout policy has never been solely dependent on legal concerns. We also want to maintain a safe and positive atmosphere on our site, and enforce our guidelines in a fair and impartial manner.

Upon the release of the logs and The User’s own posts regarding the issue, several people have begun spreading misinformation and outright false claims about Weasyl staff and how we handle the site. At this time I’d like to address a few of these claims:

1. “Weasyl is punishing a rape victim.” – As can be seen from the notes sent to The User, at no time were they threatened with actions against their account. We are sympathetic to The User's situation and their desire to voice their concerns to the community, so we attempted to reach a compromise in which The User could keep their journal up in a way that adheres to our callout guidelines. The User was asked to remove the links which directly linked to the name of the person they alleged to have raped them. While the first message could have been more constructive and offered possible replacements, we did offer to meet them halfway by keeping the journal up so long as the direct link was removed and offered to sit down and discuss the matter to greater detail through PMs. Removing the journal was not and still is not our primary desire, and at the time of this announcement, it remains up. “Punishment” was never considered in this case, and that remains the case.

2. “Weasyl is protecting rapists.” – Weasyl’s callout rules apply to everyone, regardless of the situation in question. We also do not take sides in any private disputes between users. If roles were reversed, and The User was being attacked by another user in a journal pertaining to this matter (or any other reason), either directly or by offering to share the name via a link or through private messages, we would have taken similar action on that journal. This is because the staff believe Weasyl should not become a place where people call out users of this or any other site, which may potentially lead to harassment or other actions taken against the person being called out. The nature and authenticity of the claims being made is irrelevant to this policy. From the feedback we've received from our community, we also believe this is the kind of policy the majority of our users want as well.

3. "Weasyl has a Twitter bot that looks for any and all tweets made about them and posts them to the staff IRC chat." - Weasyl does not have a Twitter bot. What we do have is an IRC bot, named Wesley. Wesley does not become active unless a member of the chat posts a link in the chat. At that point, if the link is to a public tweet, Wesley is able to post the content of that tweet without us having to actually click the link to Twitter. For all other websites, Wesley simply reposts the page title. Weasyl staff have been known to look at tweets which mention us, either offhandedly or with an "@weasyl" mentioned in the tweet. Anyone can search for all tweets containing the word "Weasyl" simply by using Twitter's search bar at the top of their webpage. No bot is required to do this. This has been a great tool in the past for our staff, particularly the development team, to find out about bugs or other issues pertaining to the site on a technical level and resolve them.

As of right now our call out policy is under review, but it is still currently in effect. Any and all call outs made as of now in journals or submissions will still be subject to staff action.

Above all, our goal with this site is to provide a safe and positive atmosphere for users to share, comment on, and critique art. We cannot and will not condone call outs of any kind on this site. If there’s a concern with the content of a journal a user is looking to post, we’re more than willing to work with them to make sure it meets our callout guidelines, as we still are with The User. We also realize there are areas in which we’ve come up short, specifically in being clear and concise as well as, in my own case, my professionalism amongst staff. We are, if nothing else, a young site always striving to be better. This recent issue has been a learning experience for myself and the staff as a whole which we will not take lightly moving forward.

Again, to those individuals, particularly The User, who we have made uncomfortable recently, I speak for the whole of the Weasyl staff when I say I sincerely apologize. To those who have decided to leave Weasyl because of this issue, we offer our condolences and wish you luck in your future endeavors. For those who are still here, and those who are still coming to Weasyl, I promise you that we are committed to being the best site for your art as we can be.

Thank you for your time,

Term

- - - Updated - - -

This thread will also serve as a general AMA for Weasyl concerns and an opportunity for users to discuss this post directly with staff. Please be respectful to your fellow members.

Somewhere around this point, someone compromised a staff memberís account and gained access to our staff chat, copied the logs, posted them online, and shared them with The User. The logs were also reposted to lulz.net and Vivisector.

As much as I understand how upset the staff is about having to actually deal with a real problem here, I'm more concerend at how THIS is being brushed off.

Which Admin?
What level of breach was there?
Do you have any idea of what other information was taken?
Was the payment information I used to access to the Forums broached?
Has any attempt been made to locate the source of the 'hack'?
Which, of course, leads to the question of the rumors that 'Spacekitten' had a hand in coding the site and what that means for future user security.

It seems that if they had knowledge of any other info taken, they would have said so.

Was the payment information I used to access to the Forums broached?

User account =/= Premium payments. Again, see above. It would have been mentioned.

Has any attempt been made to locate the source of the 'hack'?

Honestly, it sounds like a password got found out. in some form or fashion. But this is the one thing I can only speculate on. Honestly--was it a hack? Or did someone stay logged in too long on unprotected servers?

Second, would admins want to admit to a security weakness until they could get it handled? Seriously. Why would they want to reveal where the gap was? That's inviting more mayhem.

Which, of course, leads to the question of the rumors that 'Spacekitten' had a hand in coding the site and what that means for future user security.

THis makes me wonder if Dragoneer hired SpaceKitten on FA staff simply to have someone with malovent coding abilities to make another site vulnerable or dysfunctional. Hmmmm.

Lets not start a rumor mill. I feel this response to the situation is appropriate and it is not the responsibility of an art site to handle personal/legal disputes. The parties involved if rape did occur and knows the name of said person should contact local authorities instead of attempting to stir up drama and smear tactics. The actions are immature, shady, and inappropriate The User should take this off the internet and take real actions to resolving their problems.

As much as I understand how upset the staff is about having to actually deal with a real problem here, I'm more concerend at how THIS is being brushed off.

Which Admin?
What level of breach was there?
Do you have any idea of what other information was taken?
Was the payment information I used to access to the Forums broached?
Has any attempt been made to locate the source of the 'hack'?
Which, of course, leads to the question of the rumors that 'Spacekitten' had a hand in coding the site and what that means for future user security.

This post was not intended to brush off the security concerns, here is the information in that regard in detail.

The account in question was a moderator account on main site, moderator accounts also have some privileges on the forums to view and comment in staff areas. These accounts however do not have access to payment information or sensitive information, which is viewable only with admin accounts and higher (payment information in particular is only accessible by high level accounts beyond admin level)

The Moderator account in question has already been removed from staff and all access was removed as soon as staff were made aware of a "compromise". At this time, based on the information at hand, we are virtually certain the moderator while claiming to have been compromised was acting of their own accord.

The development staff have been reviewing the site security measures since yesterday when the compromise was first indicated to us by the staff member who has been removed. Of all activity at the time, the only suspicious activity was accessing the IRC staff logs for November 29, which coincides with the information leaked to The User, and beyond. Meaning that the extent of the breach was only accessing staff logs.

The staff logs specifically are part of the irc staff channels. The discussions of the channel are automatically logged and stored in a separate area of the server which requires staff privileges to access and understanding of where the logs are located. These logs are kept so that admins and moderators are able to review discussion they may not have been present for.

This is deeply concerning to staff, and we have been taking this opportunity to review site and staff security. However the leak only pertains to the specific log posted, and moderators do not have access to sensitive information both on main site and on the forums. Moderator access only pertains to reviewing tickets, reviewing "friends only" submissions for moderation purposes, account information, and access to 'staff notes' which is a history of action taken on an account. Moderators do not have access to higher level chats nor the logs of these chats where more sensitive information (IDs, legal names, etc.) may be discussed by higher level staff.

As for the rumor regarding "starrykitten", this person has not worked for Weasyl by this name nor known aliases.

Last edited by Fay V; 11-30-2014 at 06:07 PM.
Reason: fixing some info

Admin Notice: Please keep commentary on the actions of "The User" to a minimum. While we have redacted the name for privacy this is still a sensitive topic and we do not wish to invite discussion on what an individual should or should not do regarding their private life which does not pertain to this site use.